Vulnerabilities > Hcltech
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-04 | CVE-2022-38654 | Unspecified vulnerability in Hcltech Domino HCL Domino is susceptible to an information disclosure vulnerability. | 5.5 |
| 2022-11-04 | CVE-2022-38660 | Cross-Site Request Forgery (CSRF) vulnerability in Hcltech Domino 9.0/9.0.1 HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. | 8.8 |
| 2022-11-01 | CVE-2020-4099 | Inadequate Encryption Strength vulnerability in Hcltech Verse 12.0.9 The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. | 7.5 |
| 2022-10-31 | CVE-2021-27784 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hcltech HCL Launch Container Image 7.1.0.1 The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. | 7.5 |
| 2022-09-22 | CVE-2021-27774 | Improper Input Validation vulnerability in Hcltech HCL Digital Experience 8.5/9.0/9.5 User input included in error response, which could be used in a phishing attack. | 5.4 |
| 2022-09-15 | CVE-2022-27561 | Cross-site Scripting vulnerability in Hcltech Traveler 10.0.0.0/12.0.1.0/12.0.1.1 There is a reflected Cross-Site Scripting vulnerability in the HCL Traveler web admin (LotusTraveler.nsf). | 4.8 |
| 2022-08-30 | CVE-2022-27560 | Insufficiently Protected Credentials vulnerability in Hcltech Versionvault Express 2.0.1/2.1.0 HCL VersionVault Express exposes administrator credentials. | 6.5 |
| 2022-08-30 | CVE-2022-27563 | Improper Check for Unusual or Exceptional Conditions vulnerability in Hcltech Versionvault Express 2.0.1/2.1.0 An unauthenticated user can overload a part of HCL VersionVault Express and cause a denial of service. | 7.5 |
| 2022-08-29 | CVE-2022-27546 | Cross-site Scripting vulnerability in Hcltech Domino and HCL Inotes HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. | 6.1 |
| 2022-08-29 | CVE-2022-27547 | Open Redirect vulnerability in Hcltech Domino and HCL Inotes HCL iNotes is susceptible to a link to non-existent domain vulnerability. | 7.4 |